gws auth login --readonly + auth export --unmasked appears to allow full access on external machine

[yfrbl]

Summary

When authenticating with read-only scopes using gws auth login --readonly, exporting credentials with:

gws auth export --unmasked > credentials.json

and then using those credentials on another machine (OpenClaw), the resulting access appears to still allow full/write operations.

Reproduction

1. Run:

   gws auth login --readonly

2. Export credentials:

   gws auth export --unmasked > credentials.json

3. Move credentials.json to an external machine/environment (OpenClaw).
4. Use the exported credentials with gws there.
5. Attempt a write operation (for example, Gmail send).

Actual behavior

Write/full-access behavior is still possible on the external machine, even though login was done with --readonly.

Expected behavior

Read-only scope enforcement should persist with exported credentials and be enforced by Google-issued token scopes, not only by client-side command restrictions.

Questions

• Are --readonly scopes currently enforced only in the local client flow, rather than in the OAuth token/scopes themselves?
• If so, what is the recommended way to ensure exported credentials are truly read-only on external machines?
• Can --readonly become the default behavior in the installer/setup flow (or at least a strongly guided default), not just a local/client-side option?

Why this matters

Users exporting credentials for remote execution expect least-privilege guarantees to carry over across machines/environments.